China Economic Bulletin | No. 22 (15 August 2022)

Recent Developments of Data Governance in China and Implications for Foreign Investment – Part 4 of 4

Authors: Jasper Habicht, Isabeau Höhn, Jessica Köhler

Policy Transfer in the Context of Chinese Data Governance: Multilateral Influence with Chinese Characteristics?

Policy transfer can be defined as “the process by which knowledge about policies, administrative arrangements, institutions and ideas in one political system (past or present) is used in the development of policies, administrative arrangements, institutions and ideas in another political system” (Dolowitz/Marsh 2000: 5). Policy transfer, in contrast to policy diffusion, implies a certain intention by the actors to import or export policy instruments, goals, ideas or programs. A transfer, however, is often realised in more than one direction and manifests in a continuum between voluntary and coercive transfer (Rose 1993; Dolowitz/Marsh 2000: 13; Cairney 2012: 254). It is in this context that the authors aim to locate the flows and transfers of policies and norms in the field of data security and data management implemented by the government of the People’s Republic of China.

In the course of the analysis of the development of data security, data protection and the framework of the social credit system in China, the authors of this paper could identify two major tendencies of policy transfer. The first tendency is that certain regulative norms and policies have been transferred from foreign normative systems into Chinese legal frameworks. The second tendency is that Chinese normative frameworks are exported to normative systems of other countries. Certain international standards regarding the protection of personal data, such as the European GDPR, obviously influenced the Chinese protection scheme on personal data, but the Chinese framework is broader and also includes other data that is to be protected as well. Hence, a transfer of norms from the outside to the inside of China can be observed.

The Chinese government aims to promote the establishment of systems similar to the Chinese social credit system in other countries as well. In the context of the “Belt and Road” initiative and fostering multilateral economic cooperation between the relevant countries and regions, the need for enhanced financial credibility has been voiced for which a working system to increase market trust is essential (Schaefer 2020: 60 f.). No official political statement has been made regarding a political aim of internationalising or exporting the Chinese social credit system. However, the fact that low levels of market trust and poor regulatory enforceability can be found in countries and regions other than China, too, leaves the implementation of systems similar to the Chinese social credit system not unthinkable (Schaefer 2020: 62 f.). In the context of investments in countries and regions that are part of the “Belt and Road” initiative the Chinese government could be tempted to demand credit ratings for companies in these countries and regions that are issued by Chinese CRAs (Schaefer 2020: 62).

Technical training and briefings on internet management and cybersecurity have been held where between 2017 and 2018 foreign officials, primarily from the Global South, were trained in a “Baise Executive Leadership Academy” (He 2018). Such training is seen as an essential part of promoting the Chinese governance system in foreign jurisdictions (Segal 2020: 95). Against this background, it can be argued that China follows a political strategy to influence the norms regarding data governance internationally, in the context of the social credit system as well as in the context of cybersecurity.

Summing up these findings, it is surely difficult to define the People’s Republic solely as an exporter or an importer of norms or policies. Rather, the direction of the transfer of policies and norms heavily depends on the policy field. While with regard to the protection of personal data, norms have been incorporated from European frameworks into Chinese law, in other sectors such as (corporate) social credit and cybersecurity, China rather exports normative frameworks established on its own. These findings, however, are only of preliminary nature and more in-depth research would be needed.

Conclusion

The development of the (Corporate) Social Credit System seems to have influenced the development of a legal framework on data security and personal data security in China. Experimentation, having been used in the first phase of the development of the Corporate Social Credit System, has shown that abuse of data is a risk to the trustworthiness of the Social Credit System. Apart from a centralisation of the Social Credit System the development of a legal framework to effectively protect personal data was seen as crucial for the acceptance of the system.

As a preliminary finding, this paper suggests that the at first sight contradictory parallel development of the data-hungry (Corporate) Social Credit System and the enacting of a law to protect personal data can be explained with the development of the Chinese (Corporate) Social Credit System that started with a stage of policy experimentation and later became gradually more mature and institutionalised on the national level which made it necessary to curb excessive collection of data and regulate the data processing. For companies investing in China, these developments have important implications.

An important question in the area of data security that needs to be clarified is that of the nature and scope of “important data” that the law requires to be stored within the jurisdiction of China. While a broad interpretation of this term could lead to an outflow of intellectual property, questions concerning how to prevent data fragmentation or duplication also arise if certain data needs to be stored within China. It is important to follow future developments and decisions of Chinese courts in this field in order to be able to adequately adjust transfer mechanisms of data between China and Europe.

In the area of the protection of personal data, the regulations that are in place already within the EU are also applicable in China since the implementation of the new Personal Information Protection Law. It should be relatively easy, therefore, for European companies to implement already existing data protection mechanisms, although these mechanisms of course need to be extended to a new market. Since the protection frameworks are not fully congruent, a thorough assessment on the current data protection mechanisms in China as well as in Europe should be made. 

In order to adhere to the regulations that are imposed in the context of the (Corporate) Social Credit System, companies need to identify relevant ratings as these can be sector-specific. Awareness of applicable ratings and their possible negative outcomes should be increased. Monitoring the company’s compliance to local rules and norms and the requirements of sharing data to government agencies is needed. Eventually, adjustments should be made to adhere to the normative system of these ratings. 

Against this backdrop, the future development of the Chinese economy will clearly be driven by data. The Chinese government is likely to continuously pursue the aim to comprehensively implement data governance norms within China, but also to influence norm setting internationally. While a more and more mature legal framework on data security and privacy can be seen as positive development, the trend towards the use of aggregated data to steer the society, be it socially or economically, can prove to be a challenge for investments into China.

References

• Cairney, Paul (2012): Understanding Public Policy Theories and Issues. Basingstoke: Palgrave Macmillan.
  
• Dolowitz, David P.; Marsh, David (2000): “Learning from Abroad: The Role of Policy Transfer in Contemporary Policy-Making”, Governance 13(1), pp. 5 ff.
  
• He, Huifeng (2018): “In a remote corner of China, Beijing is trying to export its model by training foreign officials the Chinese way”, South China Morning Post, 14 July (online at https://www.scmp.com/news/china/economy/article/2155203/remote-corner-china-beijing-trying-export-its-model-training, last visited on 31 May 2021).
  
• Rose, Richard (1993): Lesson-Drawing in Public Policy: A Guide to Learning Across Time and Space. Chatham (NJ): Chatham House.
  
• Schaefer, Kendra (2020): China’s Corporate Social Credit System: Context, Competition, Technology and Geopolitics (online at https://www.uscc.gov/sites/default/files/2020-12/Chinas_Corporate_Social_Credit_System.pdf, last visited on 3 August 2022).
  
• Segal, Adam (2020): “China’s Vision for Cyber Sovereignty and the Global Governance of Cyberspace”, in: Rolland, Nadège (ed.): An Emerging China-Centric order: China’s Vision for a New World order in practice (NBR Special Report August 2020) (pp. 85–100). Washington: National Bureau of Asian Research.